A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 5.5 (including) | 5.10.136 (excluding) |
Linux_kernel | Linux | 5.11 (including) | 5.15.12 (excluding) |